CVE-2019-17180
published 2019-10-04CVE-2019-17180: Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in…
PriorityP338high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.72%
49.1th percentile
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| valvesoftware | steam_client | < 2019-09-12 | 2019-09-12 |
| valvesoftware | steam_client | >= 0 < 2019-09-12 | 2019-09-12 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mwv8-pr5j-j6w9: Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Win
ghsa_unreviewed·2022-05-24
CVE-2019-17180 [HIGH] CWE-22 GHSA-mwv8-pr5j-j6w9: Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Win
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
OSV
CVE-2019-17180: Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Win
osv·2019-10-04
CVE-2019-17180 CVE-2019-17180: Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Win
Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://amonitoring.ru/article/steam_vuln_3/https://habr.com/ru/company/pm/blog/469507/https://hackerone.com/reports/583184https://hackerone.com/reports/682774https://store.steampowered.com/news/54236/https://amonitoring.ru/article/steam_vuln_3/https://habr.com/ru/company/pm/blog/469507/https://hackerone.com/reports/583184https://hackerone.com/reports/682774https://store.steampowered.com/news/54236/
2019-10-04
Published